[tor-bugs] #21010 [Applications/Tor Browser Sandbox]: Disable RDTSC/RDTSCP to limit side-channel attacks
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Dec 17 17:05:03 UTC 2016
#21010: Disable RDTSC/RDTSCP to limit side-channel attacks
----------------------------------------------+-------------------------
Reporter: cypherpunks | Owner: yawning
Type: enhancement | Status: new
Priority: High | Milestone:
Component: Applications/Tor Browser Sandbox | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
----------------------------------------------+-------------------------
Comment (by yawning):
> Is there a reason that timing attacks against ASLR is the primary issue
in the Tor Browser Sandbox's threat model, rather than any other number of
attacks made possible by RDTSC and RDTSCP?
No, everything else is valid, it's just that, I looked into it after
reading papers on the subject (what, am I not allowed to provide
historical context)?
I'm somewhat worried that RDTSC use ends up depending on distribution, and
what the user is doing. Maybe I'm being overly paranoid here...
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/21010#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list